Bug 993502
Summary: | Adding new extra hardening build flags for debugging | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Dhiru Kholia <dkholia> | ||||
Component: | redhat-rpm-config | Assignee: | Florian Festi <ffesti> | ||||
Status: | CLOSED EOL | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 22 | CC: | bastiaan, bressers, dhiru, jonathan, pcfe | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2016-07-19 10:16:35 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Dhiru Kholia
2013-08-06 05:19:14 UTC
Created attachment 783184 [details]
add ASAN + TSAN extra hardening macro
I have attached a patch for redhat-rpm-config package to enable building packages with ASAN / TSAN. I have added "_AddressSanitizer_build" and "_ThreadSanitizer_build" flags and turning them on enables ASAN and TSAN respectively. My patch is tiny, safe and does (should) not affect anything unless the SPEC files are explicitly modified to use these new flags. Just a couple of remarks based on initial, brief look at the thing: - Introducing two separate flags for mutually exclusive features doesn't seem like such a hot idea - Enabling either saniziter mode introduces additional build-requires (libasan or libtsan), but there's no way to automatically reflect that in the packages, so builds will just barf up and you'll need to dig into config.log to figure out what went wrong I'm not opposed to somehow providing a common way of enabling these things but the current approach doesn't IMO cut it. In addition, -fsanitize=thread appear to have further restrictions which aren't taken into account in the patch afaics: gcc: error: -fsanitize=thread linking must be done with -pie or -shared (In reply to Panu Matilainen from comment #3) > Just a couple of remarks based on initial, brief look at the thing: > - Introducing two separate flags for mutually exclusive features doesn't > seem like such a hot idea Yes, it is terrible. Is there an alternate solution which works? > - Enabling either saniziter mode introduces additional build-requires > (libasan or libtsan), but there's no way to automatically reflect that in > the packages, so builds will just barf up and you'll need to dig into > config.log to figure out what went wrong True. Is "educating users" via documentation a decent solution? > I'm not opposed to somehow providing a common way of enabling these things > but the current approach doesn't IMO cut it. I agree that the current approach has some problems but this is like my 3rd day with this package ;) I am sure that you (and other folks) can come up with a better solution. (In reply to Panu Matilainen from comment #4) > In addition, -fsanitize=thread appear to have further restrictions which > aren't taken into account in the patch afaics: > > gcc: error: -fsanitize=thread linking must be done with -pie or -shared You are right. Currently, I rely on the existing "_hardened_build" option being enabled already. This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle. Changing version to '20'. More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20 This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22 Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed. |